Managing-DNS
Remark: Managing Networks in Linux: Manipulate DNS
#resources/networking/dns
DNS (Domain Name System) is a core part of internet infrastructure.
While its purpose is to resolve domain names into IP addresses, hackers and sysadmins can manipulate or inspect DNS for reconnaissance, redirection, or debugging.
More info about DNS {Out of Learning Linux scope}
Get Nameserver (NS) Records:
dig hackers-arise.com ns
Sample Output:
- This reveals what servers control DNS for the domain and where they are hosted.
Get Mail Exchange (MX) Records:
dig hackers-arise.com mx
Sample Output:
Useful for identifying email infrastructure.
Attackers may use this for phishing or targeting mail servers.
Change Your DNS Server (/etc/resolv.config)
DNS servers are listed in:
/etc/resolv.conf
To manually edit:
- use your favorite text
editor.
leafpad /etc/resolv.conf
Example:
nameserver 8.8.8.8 # Google DNS
nameserver 192.168.181.2 # Local DNS
Order matters: the system checks from top to bottom.
Command-line method:
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Note: If using DHCP, this file might be overwritten automatically when the lease renews.
Spoofing with /etc/hosts
The /etc/hosts file lets you override DNS locally by mapping hostnames to IP addresses. This is useful in CTFs when a challenge requires you to access a service by a specific domain name , you can map that domain to the target IP so your browser or tools connect correctly.
Example (requires root):
sudo sh -c 'echo "10.10.10.5 challenge.local" >> /etc/hosts'
sudo nano /etc/host
Notes
- Changes affect only your machine.
- Remove or comment out the entry when finished to avoid future confusion.
Open the file:
leafpad /etc/hosts
Example:
127.0.0.1 localhost
127.0.1.1 kali
# redirected
192.168.23.135 youtube.com
USE TAB, not space, between the IP and domain.
What Happens?
Any time this system accesses youtube.com, it will be redirected to 192.168.23.131 — skipping real DNS lookup.
Real-World Use:
Combined with tools like:
dnsspoofEttercap- ARP poisoning
You can redirect LAN users to a fake login page or test server.